E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Egghead.com breach could be Internet's biggest ever

Source: National Post

Posted on December 23, 2000

      As many as 3.6 million credit cards belonging to people across North America could be at risk today after a hacker cracked a California-based retailer's Web site in what is being called one of the worst security breaches in the history of the Internet.

      The Web site of Egghead.com, which specializes in electronic products, was hit by a hacker this week. The company learned of the incident late Thursday and made it public yesterday.

      Egghead.com said that it has Canadian customers, but it could not confirm the number who have used its site.

      "The attack on Egghead looks like the work of a good hacker," said Sacha Faust, an Internet security expert.

      "And it may be a very hard task to ever track him down. He could be in the U.S. or in Europe. He could be anywhere. It's possible they'll never know who did this."

      Egghead.com said it was uncertain whether the hacker was able to crack the database that contained credit card information. However, the company determined the best course of action was to notify law enforcement agencies and financial institutions.

      Shoreen Maghame, a spokeswoman for Egghead.com, said notifying the major credit card companies was a precaution.

      MasterCard was recommending yesterday that the issuing banks and financial institutions pay careful attention to the use of the card numbers and cancel and reissue member credit cards if necessary.

      Visa said cancelling the cards and reissuing them to consumers is a possibility.

      Customers using either MasterCard or Visa are not responsible for fraudulent purchases made on the cards. Both companies implemented a "zero liability" policy this year in an attempt to increase credit card purchases on the Internet.

      The attack comes during a holiday season that has seen increased use of Internet retail sites. About 33.8 million consumers visited e-tailing sites in the United States during the second week of December, according to Media Metrix, a firm that tracks Internet use.

      Canadian Internet retailers such as Sears.ca and Futureshop.ca also saw use increase into December, according to the company.

      Statistics show Canadians are reluctant to use credit cards on the Internet. A recent Ipsos-Reid survey said 73% of Internet users in Canada have never made a purchase online and of those, 74% said their reluctance is based on fears about the security of giving their credit card information.

      Attacks such as the one on Egghead.com hinder Internet retailing on both sides of the border, said Michael Murphy, the general manager of Symantec Canada, a company that specializes in Internet security. "Every time we get rolling to make things easier and get more customers using the Internet for purchasing, someone identifies a vulnerability and exploits it," he said.

      Earlier this month, Canadian Imperial Bank of Commerce introduced one-time disposable credit card numbers to alleviate security and privacy concerns about shopping on the Internet.

      Its four million CIBC Visa customers will soon be able to use the numbers in place of their real card number for each of their online transactions, the bank said.

      In response to the hacker attack, Egghead.com has hired an Internet security firm to investigate the incident and determine what data the hacker accessed. Customers could leave their credit card numbers on the site so they did not have to enter them again after making their first order. These numbers were stored in a database on a computer server and could be accessed through the customer's password. "There's no excuse for what happened [at Egghead.com]," said Robert Kubbernus, chief executive of Calgary Internet security firm Jawz Inc. "There are a number of companies that sell equipment that could have prevented this. Why are they bringing in security experts after the attack?"

      The attack could become the worst Internet security breach to date. Earlier this year, CD Universe, a U.S. Internet music retailer, was cracked by a Russian hacker and the numbers from 300,000 credit cards were stolen.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.